Lead complex security incident investigations, perform log analysis, conduct malware analysis, create incident reports, and collaborate with teams to improve response capabilities.
Requisition Number: 2359474
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
Primary Responsibilities:
Required Qualifications:
Preferred Qualifications:
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
Primary Responsibilities:
- Lead and conduct highly complex security incident investigations across endpoints (memory and disk), network traffic, and cloud environments, including Azure and Microsoft 365
- Perform advanced incident investigation and in depth log analysis by correlating data from multiple sources such as SIEM, EDR, network security devices, and cloud platforms to accurately identify scope and impact
- Act as the final escalation point for critical and high severity security incidents, providing expert guidance and decisive incident handling
- Conduct static and dynamic malware analysis, including reverse engineering of exploits, and analyze adversary tactics, techniques, and procedures (TTPs) to understand attacker behavior
- Map attacker activities and observed behaviors to industry recognized frameworks such as MITRE ATT&CK, NIST to ensure structured analysis and reporting
- Perform digital forensic analysis across endpoints (Windows, Linux, and macOS), memory, and network data using established forensic methodologies and tools to support security incident investigations
- Execute effective containment actions during incidents, including isolating compromised systems, blocking malicious traffic, disabling accounts, and applying emergency controls to limit spread and impact
- Validate that eradication activities are fully completed and ensure affected systems are securely restored to normal operations without residual risk
- Prepare comprehensive incident reports detailing timelines, root cause analysis, impact assessment, indicators of compromise (IOCs), and remediation actions taken
- Collaborate with Security and Engineering teams to automate repetitive tasks such as alert enrichment, containment workflows, response actions, and ticket creation to improve efficiency and consistency
- Leverage internal and external threat intelligence feeds to enrich investigations with contextual insights, including known malicious IPs, domains, threat actor profiles, and attacker methodologies
- Work closely with cross functional teams to ensure coordinated and timely execution of incident response activities
- Continuously enhance detection and response capabilities by recommending improvements to SIEM and EDR platforms, tuning detection rules, developing better queries, and identifying logging gaps
- Handle Priority 1 (P1), Priority 2 (P2) and other critical incidents with urgency, ensuring rapid response, clear stakeholder communication, and minimal business disruption
- Monitor and report on key performance indicators (KPIs) such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to measure and improve incident response effectiveness
- Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
Required Qualifications:
- Undergraduate degree or equivalent experience
- 5+ years of hands on experience in Major Security Incident Management, including:
- Case management
- War room facilitation
- Paging / on call coordination
- Security bridge management
- Solid log analysis experience across multiple security domains, including:
- SIEM platforms
- Endpoint security
- Perimeter/network security
- Threat intelligence feeds
- Email security solutions
- Experience in Sandbox Analysis for malware and suspicious file investigation
- Hands-on Digital Forensics experience, including evidence collection, analysis, and reporting
- Solid understanding and application of security frameworks, including:
- MITRE ATT&CK
- MITRE D3FEND
- NIST (incident response, security controls, or related standards)
- Practical experience with forensic tools, such as:
- Magnet AXIOM Forensics
- REMnux
- X Ways Forensics
- EnCase
- Forensic Toolkit (FTK)
- Or equivalent forensic tools
Preferred Qualifications:
- Relevant security certifications, such as:
- CHFI (Computer Hacking Forensic Investigator)
- EnCE (EnCase Certified Examiner)
- ACE (AccessData Certified Examiner)
- GCFA / GCFE
- GIAC Certified Incident Handler (GCIH)
- Microsoft Security Operations Analyst Associate (SC 200)
- Experience handling major security incident scenarios, such as:
- Ransomware attacks
- Distributed Denial of Service (DDoS)
- Advanced Persistent Threats (APT)
- Business Email Compromise (BEC)
- Advanced understanding of adversary behavior, including:
- Adversary Tactics, Techniques, and Procedures (TTPs)
- Cyber Kill Chain methodologies
- Expert level application of MITRE ATT&CK and MITRE D3FEND
- Solid working knowledge of NIST frameworks, particularly:
- NIST 800 61 (Computer Security Incident Handling Guide)
- Fundamental understanding of application and networking protocols, including:
- Application protocols: HTTP, DNS, FTP, etc.
- Networking protocols: TCP, UDP, ARP, ICMP, etc.
- Ability to analyze packet capture (PCAP) files using tools such as Wireshark
- Knowledge of operating system internals, including:
- Virtual memory and paging mechanisms
- Malware techniques used to evade detection
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.
Similar Jobs at Optum
Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
The Tech Support Analyst resolves technical issues, maintains exceptional customer service, and logs interactions within an incident management tool while adhering to company policies.
Top Skills:
Java Plug-InsMs Office SuiteRightfaxTableauWindows 10
19 Hours Ago
Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
The role involves ensuring compliance with policies, remediating security risks, managing vendor risk, and providing guidance on security frameworks and policies.
Top Skills:
Grc PlatformsIso27001LogicgateNavexNist 800-53PerimeterRsamService Now
Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
Install, support, maintain and design Avaya telecommunications and unified communications systems. Provide Tier 1/2 support, troubleshoot complex issues, produce documentation, manage assets and workloads, lead small teams/committees, assist process improvement, and deliver excellent customer service across the enterprise environment.
Top Skills:
AadsAvaya Aura PlatformAvaya Cloud OfficeAvaya Communications ManagerAvaya Ix MessagingAvaya Session Border ControllerAvaya Session ManagerAvaya System ManagerCarrier ServicesLinuxMS OfficeNice Cxone (ScriptingPbx SystemsRingcentralServicenowStudio)Windows
What you need to know about the Singapore Tech Scene
The digital revolution has driven a constant demand for tech professionals across industries like software development, data analytics and cybersecurity. In Singapore, one of the largest cities in Southeast Asia, the demand for tech talent is so high that the government continues to invest millions into programs designed to develop a talent pipeline directly from universities while also scaling efforts in pre-employment training and mid-career upskilling to expand and elevate its workforce.

